The host is running Oracle Java System Web Server and is prone to HTTP response splitting vulnerability.
Successful exploitation will allow remote attackers to conduct Cross Site Scripting and browser cache poisoning attacks. Impact Level: Application
Apply the patch from below link, http://sunsolve.sun.com/search/document.do?assetkey=1-79-1215353.1-1
The flaw is due to input validation error in 'response.setHeader()' method which is not properly sanitising before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
Oracle Java System Web Server 6.x/7.x